5.6 Exploit
Hello,
Does this exploit pattern look familiar to anyone? We keep getting re-targeted so I need to find the root cause.
At least the following files contain malware, but there might be more:
./files/8813/8324/list7.php
./files/5513/8418/5511/help27.php
./files/6613/8417/7005/files.php
./files/7814/4431/help16.php
./files/thumbnails/6714/2653/article.php
./concrete/tools/files/permissions.php
./concrete/libraries/3rdparty/Zend/Validate/Barcode/Intelligentmail.php
./concrete/libraries/3rdparty/Zend/Cache.php
Thanks!
I see you are using legacy Concrete5, so first really make sure you have the latest legacy version. At least one previous version had some hacking potential but it got fixed.
Another thing is those files in the "files" directory should definitely not be there and that makes it really look like someone got through to your server. What I mean is it looks like C5 might not be responsible, your server might be. I might be wrong, though, I'm no security expert.
If you could show us the code that was injected in your site, that might help.
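A triage check for the two kinds of files named in this thread, as an added example that is not part of either post and is not Concrete5 code: it lists PHP files under the `files` upload directory and compares everything under `concrete` against an unpacked clean copy of the same release. The clean copy, the function names and the demo tree are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha256(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def walk_rel(root):
    """Yield every file under root as a forward-slash path relative to root."""
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            yield os.path.relpath(full, root).replace(os.sep, "/")

def triage(site_root, clean_root):
    """site_root: live install. clean_root: pristine copy of the same version (assumed available)."""
    report = {"php_in_uploads": [], "modified_core": [], "unknown_core": []}
    # Uploaded assets live under files/; a PHP script there was not put there by the CMS.
    for rel in walk_rel(os.path.join(site_root, "files")):
        if rel.lower().endswith(".php"):
            report["php_in_uploads"].append("files/" + rel)
    # Core files exist legitimately, so compare content instead of names.
    core = os.path.join(site_root, "concrete")
    for rel in walk_rel(core):
        ref = os.path.join(clean_root, "concrete", rel)
        if not os.path.isfile(ref):
            report["unknown_core"].append("concrete/" + rel)
        elif sha256(ref) != sha256(os.path.join(core, rel)):
            report["modified_core"].append("concrete/" + rel)
    return {k: sorted(v) for k, v in report.items()}

def build_demo(base):
    """Write constructed sample trees (stand-in paths and contents, not real site data)."""
    sample = {
        "live/files/1234/list7.php": b"<?php /* dropped */",
        "live/files/1234/photo.jpg": b"image bytes",
        "live/concrete/libraries/Cache.php": b"<?php /* original */ /* injected */",
        "live/concrete/tools/extra.php": b"<?php /* not in release */",
        "live/concrete/dispatcher.php": b"<?php /* original */",
        "clean/concrete/libraries/Cache.php": b"<?php /* original */",
        "clean/concrete/dispatcher.php": b"<?php /* original */",
    }
    for rel, data in sample.items():
        path = os.path.join(base, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(data)
    return os.path.join(base, "live"), os.path.join(base, "clean")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(triage(*build_demo(tmp)))
```

Run against a real site, `triage("/path/to/site", "/path/to/clean-release")` reports files to inspect; a hash mismatch only means the file differs from the release and still needs to be read.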